Hi,
Our modsecurity Audit log is logging section A in HEX i.e) SRC IP and DST IP are all in HEX. Tried searching for references to get this fixed but could not find anything therefore asking here.
A similar configuration on different server logs IP addresses correctly.
sample row as as follows
---zbDIkyKt---A--
Hi @inaratech,
What are the versions of your ModSecurity and Nginx connector?
nginx-1.17.9
Modsecurity_nginx connector v1.0.1 - 2019-Dec-16
Modsecurity v3.0.4 - 2020-Jan-13
Hello all,
For information, I have the same problem on:
Ubuntu 18.04.4 LTS
nginx/1.17.10 from nginx repository
Modsecurity-nginx v1.0.1 - 2019-Dec-16
Modsecurity v3.0.4 - 2020-Jan-13
I tried to install Apache server with modsecurity on the same server and there is no problem to get the real IP address.
Yesterday i faced same problem. It wasn't hex ip. It was pointer address.
Here are the quick fix. At ModSecurity/src/transaction.cc change lines like below;
line 1525 - audit_log << " " << this->m_clientIpAddress->c_str();
line 1527 - audit_log << " " << m_serverIpAddress->c_str();
Regards.
The bug is confirmed. The fix is really about get the value out of this pointer. We are currently working in something else that will present the fix for that issue as a side effect. Therefore I am leave it as is for now. Couple of days the new code will on v3/master. Thanks for the report.
Hey fellows, has this bug been fixed officially?
Just had this issue and ended up here on this thread :)
Thanks much!
Andre.
Hi. Same issue here.
Specs:
Ubuntu 20.04 LTS
Modsecurity v3.0.4 - 2020-Jan-13
Apache/2.4.41 (Ubuntu) 2020-04-13
ModSecurity-apache connector v0.0.9-beta1 - 2017-Dec-22
Tried Zavazingo's work around but got an error at compile time. Tried other things like reinterpret cast to change the string to a pointer but even after compiling doesn't seem to have effect.
Edit: Also destination port seems to always be 0.
Tried Zavazingo's work around again. Now all good. And the port issue had to do with Apache's configuration.
Hi, same issue, this are the versions:
ModSecurity-nginx Connector shows v1.0.x - YYYY-MMM-DD (To be released)
modsecurity-crs 3.0.2-1
nginx version: nginx/1.14.0
Ubuntu 18.04.4 LTS
Same issue. Is it fixed in the new version?
ModSecurity-Nginx Connectior v1.0.1
Nginx 1.18.0
Debian 10
Most helpful comment
Yesterday i faced same problem. It wasn't hex ip. It was pointer address.
Here are the quick fix. At ModSecurity/src/transaction.cc change lines like below;
line 1525 - audit_log << " " << this->m_clientIpAddress->c_str();
line 1527 - audit_log << " " << m_serverIpAddress->c_str();
Regards.